Goal:
- I want to forward Internet bound HTTP and HTTPS traffic to a Proxy via an IPSEC Tunnel.
- I want to maintain my private IP as it goes across the IPSEC Tunnel.
- I also want remaining Internet Traffic to route normally by NATing to my outside address.

In 8.4 this is quite easy, as I can specify a destination port and have "any" source port for the NAT. Here is a snapshot of the config:

    object service Proxy_HTTP
     service tcp destination eq www
    object service Proxy_HTTPS
     service tcp destination eq https
    nat (inside,outside) source static any any service Proxy_HTTP Proxy_HTTP
    nat (inside,outside) source static any any service Proxy_HTTPS Proxy_HTTPS
    !
    object network Non_Proxy
     nat (any,outside) dynamic interface

PROBLEM: I need this behavior in 8.2.x - I have found no way to mimic this.

You cannot use NAT Exemption, as it cannot be port based.

A static policy NAT with Access list will not work, as you must specify a single source port. Since there is no way to predict the source port, this won't work.

I don't see any of the other NAT Types working this way.

If there is a way to make this work in 8.2, please let me know. We have many ASAs and we are not ready to make the leap to 8.4, but we need to use the proxy.
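For the 8.4 configuration in the post, the tunnel also needs a crypto ACL that selects the same flows. The ASA evaluates that ACL after NAT, so it has to match the untranslated private source. The following is an added example, not part of the original post: the names PROXY_VPN and OUTSIDE_MAP, the 10.1.1.0/24 inside subnet and the test addresses are assumptions, and the crypto map entry is assumed to already have its peer and transform set configured.

```cisco
! --- Configuration mode (ASA 8.4 syntax) ---
! Assumed inside subnet: 10.1.1.0/24 (constructed value).
! Crypto ACL: only TCP/80 and TCP/443 from the inside subnet are "interesting"
! traffic. These are the flows the two service-based NAT rules leave
! untranslated, so the source still matches the private range here.
access-list PROXY_VPN extended permit tcp 10.1.1.0 255.255.255.0 any eq www
access-list PROXY_VPN extended permit tcp 10.1.1.0 255.255.255.0 any eq https
!
! Bind the ACL to the existing tunnel entry (sequence 10 is an assumption).
crypto map OUTSIDE_MAP 10 match address PROXY_VPN
!
! --- Privileged EXEC mode: verification ---
! 1. Web flow from an inside host (10.1.1.10, arbitrary source port 40000) to a
!    constructed Internet address. Look for the NAT phase matching the
!    Proxy_HTTP rule with the source unchanged, followed by a VPN encrypt phase.
packet-tracer input inside tcp 10.1.1.10 40000 203.0.113.80 80 detailed
!
! 2. Same check for HTTPS.
packet-tracer input inside tcp 10.1.1.10 40001 203.0.113.80 443 detailed
!
! 3. Non-web flow (SMTP). This should fall through to the dynamic interface
!    PAT rule and show no VPN phase, i.e. it leaves the outside interface
!    translated and in the clear.
packet-tracer input inside tcp 10.1.1.10 40002 203.0.113.80 25 detailed
!
! 4. Confirm rule order and hit counts, then that the SA counters increase
!    for web traffic only.
show nat detail
show crypto ipsec sa
```

The remote end of the tunnel needs a mirrored traffic selector and a route back to the private subnet, since the proxy will see the original inside addresses.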